We use cookies to give you the best possible online experience. If you continue, we’ll assume you are happy for your web browser to receive all cookies from our website. See our cookie policy for more information on cookies and how to manage them.

The Office 365 Security Lowdown for IT Pros

I spend my days (and nights) explaining how the strengths of the cloud - high availability, scalability, and interoperability - can help us overcome what is often considered its greatest weakness: security.

It’s no mystery that Microsoft has doubled down on cloud related endeavors as of late. In fact, Microsoft’s commercial cloud revenue grew 106% in the most recent quarter, fueled by the technology giant’s Office 365 and Azure offerings, leading to an annualized revenue run rate of $6.3 billion.

Adoption continues to accelerate – and for good reason. Office 365 gives users a comfortable and familiar means of entering the cloud ecosystem. Meanwhile, IT leadership is enjoying the familiar host of cloud benefits: financial and logistical perks, not to mention a vital boost to employee productivity.

But, what about Office 365 security, you ask. Microsoft offers an impressively rich array of security features built into Office 365, equipping security professionals with tools to protect their critical data assets.

Built-In Office 365 Security Features

Microsoft has developed an extremely comprehensive security strategy around their cloud offerings, as detailed in their Office 365 Trust Center. Most notably, the compliance center within the Office 365 product to offer administrators a suite of security tools, including data loss prevention (DLP), eDiscovery, and archiving capabilities.

Preloaded with a number of templates for DLP policies or “rules” – many based on compliance regulations such as HIPAA, and PCI DSS – security and IT pros alike will undoubtedly come to love its simplicity and ease of use.

Administrators can tune policies to their liking, controlling a number of policy conditions, such as the threshold required to trigger a violation, i.e., there must be x matches of a credit card within a file.

Additionally, admins can tweak what Microsoft refers to as the confidence percentage of a policy, allowing security professionals to configure extremely tight policies with a very high true positive rate, or broaden their tolerance to ensure any potential incident worth investigating is captured.

Finally, often used by government employees, S/MIME offers additional communication security in the form of public key encryption.

Additional Office 365 Security Considerations

Unified Multi-SaaS Control. Increasingly, today’s organizations are deploying multiple cloud applications. One of the most significant opportunities to compliment Microsoft’s security capabilities comes in the form of unifying security efforts across the entire SaaS portfolio.

Rather than relying on a solution comprised of the (highly variable) capabilities of individual SaaS providers or a number of point solutions, a unified multi-SaaS cloud cybersecurity solution offers a higher level of strength and efficacy – allowing security professionals to create and deploy data governance policies across multiple cloud applications. Incident management is also greatly simplified, allowing security admins to visualize the Office 365 activity feed in a single integrated console.

Account Compromise. As cybersecurity threats continue to grow, organizations must obtain rapid insight into potential threats through user behavior monitoring and threat protection. This can include anything from detecting activity from suspicious locations to alerting on a high frequency of user behaviors, potentially indicative of a malicious script.

While many platform providers offer behavior monitoring services (with an admittedly wide variance in the strength of such offerings from provider to provider), organizations continue to express a need to aggregate information across SaaS platforms and exercise control over what actions trigger an incident.

Information governed by compliance regulations such as PCI DSS or SOX provides an obvious example, though security teams also need to keep an eye on far more: intellectual property, corporate roadmaps, and internal financials, to start.

Shadow IT and Connected Apps. Third-party applications play a large role in adding functionality to Office 365. Microsoft offers well over 1,000 opportunities to integrate with third-party SaaS providers (and many more in the Azure store), ranging from productivity apps, to sales and marketing tools, to visualization apps, and beyond.

Enabled by users through corporate credit credentials, these apps connect directly with corporate cloud applications, raising concern over their permission scope and the possibility of unintentional data exfiltration. To enjoy the benefits of third-party cloud applications securely, be sure to:

Leverage the insights of peers to determine what may constitute risky applications

Limit the access of the application, to ensure only necessary or appropriate access

It Looks Like You’re Trying to Secure Your Cloud Applications

I can’t be the only one with fond memories of Clippy, arguably the best part of using Microsoft Office (versions ‘97 through 2003). Unfortunately, we don’t incorporate everyone’s favorite Office Assistant in our solution (RFE, anyone?).

We can, however, offer a no-strings-attached personal assessment to show how CloudLock can help you embrace the power of Office 365 and other cloud applications within your organization securely. If you’re not quite ready for an assessment, take a look at what CloudLock offers for Office 365 on your own time.

Follow us

Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser